MacInTouch Amazon link...

AirPort issues/alternatives

Channels
Apple, Security, Products
I have the Comcast triple-play package (TV/phone/internet), which limits my choices of modems to the Arris TG1682G. It was a "required upgrade" from my old modem.
Are you sure it truly was required? I, too, have the triple-play. I received emails and even a snail mail letter alerting me that my modem was old and not delivering the speed that I am paying for, and saying that I needed to upgrade. I went into my local "Xfinity store" and asked if they had a newer non-wifi model that I could update to; they did not.

So I have ignored it, and yet my service has kept on working flawlessly. After I have sufficient time to set up and test my Ooma service, I will put it into service, powered by the standalone modem that I also ordered.
 


Are you sure it truly was required? I, too, have the triple-play. I received emails and even a snail mail letter alerting me that my modem was old and not delivering the speed that I am paying for, and saying that I needed to upgrade. I went into my local "Xfinity store" and asked if they had a newer non-wifi model that I could update to; they did not. So I have ignored it, and yet my service has kept on working flawlessly. After I have sufficient time to set up and test my Ooma service, I will put it into service, powered by the standalone modem that I also ordered.
I suspect now it wasn't a hard requirement. When I asked, Comcast told me that 'yes, it is required; your internet will stop working after a specific date', which I think was early 2018.

I should have just held out and waited.
 


Mark, you did hit on two things we have found to be very true regarding the Xfinity public WiFi. Turning it off (either by your on-line account or by calling tech support) may, or just as likely, may not, turn it off.
You can sign in to the router and turn it off. It works fine and does actually turn it off. If you see an Xfinity wifi SSID as still being available, it is a neighbor's.
Now - with all that said... if you do get it off, it will be reactivated at some point by Comcast. They push settings, updates and the like at random intervals, and doing so will normally turn the Xfinity signal back on.
Not true [for me] unless, for some reason, the update causes the router to do a full reset, which causes it to go back to its default settings. Of course, in that case, your SSID and any other custom settings would also chang,e so you would certainly know it. Simply restarting the router won't do this, and no update I have ever received from Comcast has ever turned the setting back on (I turned it off the day I got it).
 


MacInTouch's Amazon link reveals a refurbished certified Arris Surfboard DOCSIS 3.1 cable modem for about $130 at Amazon. If you own it, you control it and need worry no more about Comcast getting you to do their network hosting for them on your dime. You'll recoup the cost within a year.
My own experience with iStumbler suggests you might not be a able to determine if Comcast's current device in your apartment is the source of the 'xfinitywifi' hotspot (a neighbor's might be too close for iStumbler to discriminate between them).
The problem with this modem is that it doesn't support phone service. It is a non-starter if you use Comcast's Triple Play package deal... assuming you actually use the phone option.
 


I suspect now it wasn't a hard requirement. When I asked, Comcast told me that 'yes, it is required; your internet will stop working after a specific date', which I think was early 2018.
There is one situation in which I think that might have been true, now that I give it more thought. How old was your old modem, out of curiosity? If it was really old (DOCSIS 2.0 or older) it could have reached the point of Comcast "switching off" support for older modems... but they generally have to be ancient for that to happen.
 




There is one situation in which I think that might have been true, now that I give it more thought. How old was your old modem, out of curiosity? If it was really old (DOCSIS 2.0 or older) it could have reached the point of Comcast "switching off" support for older modems... but they generally have to be ancient for that to happen.
My old modem may have been DOCSIS 2.0. It was first installed in late 2012.
 


My way to discern the difference in xfinitywifi is to note the approximate distance in iStumbler. The one from my Comcast access point is 2.5 meters away. The one from across the street is about 15 meters. I also have a neighbor who has Comcast, and that one is about 11 meters. So anything more than a couple meters is most likely not yours.
That is not reliable here. iStumbler is currently showing two different neighbors closer than my 5G extension. It shows the 2G band of the same extension device three meters closer. Neither band’s distance is particularly accurate. It shows them as 6.5 meters and 9.7 meters when they are easily >14 meters from my desktop. I don't know how useful comparing BSSIDs (MAC address) is either. There is an "xfinitywifi" that appears intermittently and appears to rotate BSSIDs (or is at least two "xfintiywifi" nodes appearing intermittenty), none of which is remotely similar to any others in my proximity.
 


MacInTouch's Amazon link reveals a refurbished certified Arris Surfboard DOCSIS 3.1 cable modem for about $130 at Amazon. If you own it, you control it and need worry no more about Comcast getting you to do their network hosting for them on your dime. You'll recoup the cost within a year.
I had a particularly bad experience with a refurbished Arris voice modem a few years ago. It did not work, resulted in months going round with Comcast, and finally an FCC complaint. The FCC resolved it in my favor quickly (but the modem still didn't work). I would not count on such a prompt, consumer friendly, response from the FCC these days.
 


You can sign in to the router and turn it off. It works fine and does actually turn it off. If you see an Xfinity wifi SSID as still being available, it is a neighbor's.
Now - with all that said... if you do get it off, it will be reactivated at some point by Comcast. They push settings, updates and the like at random intervals, and doing so will normally turn the Xfinity signal back on.
Not true [for me] unless, for some reason, the update causes the router to do a full reset, which causes it to go back to its default settings. Of course, in that case, your SSID and any other custom settings would also chang,e so you would certainly know it. Simply restarting the router won't do this, and no update I have ever received from Comcast has ever turned the setting back on (I turned it off the day I got it).
You are indeed very lucky, and must have some new model of modem from Comcast, for, considering your one example, I can cite hundreds here where this is not true, including 3 new installs in just the last two weeks.

As well, virtually each and every one of our hundreds of Comcast modems we are now, or have been, responsible for over the last years experience had the random turn-back-on of the Xfinity WiFi, and we have verified this with both senior Comcast tech support and their engineering.

We have never seen any Comcast modem that allows "local" control (i.e. by the user) of the Xfinity side of the modem. Maybe only true here in South Florida, but I think the modem selections are pretty much the same in all their states (9?). I spoke with a senior tech support manager this afternoon over this issue to ascertain if this has changed, and he stated "absolutely not" Perhaps he was mistaken?
 


I don't know how useful comparing BSSIDs (MAC address) is either. There is an "xfinitywifi" that appears intermittently and appears to rotate BSSIDs (or is at least two "xfintiywifi" nodes appearing intermittenty), none of which is remotely similar to any others in my proximity.
Could you share some of those MAC addresses?

A MAC address is a structure consisting of several fields containing useful information.

In particular, the first three bytes, and within that the two least significant bits of the first byte are most important.

The least significant bit of the first byte is a 0 for a unicast MAC address and 1 for a multicast address. The second-least significant bit is a 0 for a globally-unique address and 1 for a "locally administered" address.

I'm going to ignore the multicast bit, except for a quick mention that there are standard-defined multicast MAC addresses, including ranges for mapping IP multicast destination addresses onto Ethernet multicast destination addresses.

The second-least-significant bit of the first byte determines if the address is global or local. Most of the MAC addresses you see will be global - this bit will be 0. In this situation, the first three bytes identify the manufacturer of the network interface. You can use the IEEE master list of OUIs to identify a manufacturer from these addresses.

For example, my Dell laptop's MAC starts with F8-CA-B8. A Linux PC here has five Ethernet ports. The one on the motherboard has an address starting with 00-1d-09 (Dell) and the four on a PCIe card have addresses starting with 00-15-17 (Intel). The Linksys router here has an address starting with 24-F5-A2 (Belkin - Linksys's parent company).

If Comcast is using addresses where the second-to-last bit of the first byte is 0, then it is a hardware-assigned address that should uniquely identify the router (and more likely, one network port on that router), along with the manufacturer of that router.

If the second-least-significant bit of the first byte is a 1, then it is a locally-administered MAC address and may not be globally unique. For example the "docker0" virtual network interface on my Linux PC has a MAC address beginning with 02-42-10 (02 = 00000010).

If Comcast's xfinitywifi MAC addresses also follow this pattern, then they are being generated by Comcast's software and won't match customers' local networks. They might be a function of the device's hardware MAC address, but there's no rule requiring this and doesn't seem to be any commonly used algorithm either.
 


I went into my local "Xfinity store" and asked if they had a newer non-wifi model that I could update to; they did not.
... It's a long time since I've seen a non-WiFi router supplied by Comcast or its competitors. These days, if you don't want WiFi, they usually just disable that service on a standard WiFi router.
 


These days, if you don't want WiFi, they usually just disable that service on a standard WiFi router.
That's the problem. It would be nice if we could guarantee that it would stay disabled once set, but, much like their hotspot feature, we can't. That guarantees that my current modem will be the last I ever lease from them.
 


My old modem may have been DOCSIS 2.0. It was first installed in late 2012.
Based on what I can see from that information, it's unlikely. I looked it up; DOCSIS 3.0 was released in 2006.

I was hoping that your situation was an example of them doing something honest for once...
 


I changed over to a Comcast triple-play last fall. Told the nice salesperson I did not want their WiFi and wanted to own my modem rather than lease. She said a Touchstone TM822G was approved and would work. So I bought one, and the install went fine, and I used my
AirPort with it.

Then Comcast upped the speed of my subscription and started sending me the message that my modem was not able to support the new higher speed, saying "it's time for a modem update." The online Comcast page listed a few approved non-wifi modems with phone support, each a lot more expensive than the Touchstone, but I couldn't find any place that had them in stock. Their listing for the Touchstone said it was not fast enough for the new speed.

Comcast kept sending me mail about how my brand-new modem was too slow. Then they changed their modem page, raising the rated speed of the TM822G, and stopped sending me mail. So far, it has been working fine at 120Mbps down, 11Mbps up.
 


Could you share some of those MAC addresses?
Here's what iStumbler sees:
CenturyLink0334,69d273df82a38567d13df6e6cb539d2a
CenturyLink2304,364ce7bae83c8eae3764ae9532107e6e
NPB5-EXT,f4d2ae156246808d23b9f5b179bd57c7
denanna,d85c3287d379bf4a601d82422b5aebb2
Dining Room Speaker.o,6fda4cfd0ffbf10f584520e79974f3a8
NPB2,b204ee13e7b2a66acfd6ae36946aa095
Dutchharbor/5g2,1b141f8f702ba147afd13d02c2d3e68b
NETGEAR96,49f1af2bc497789e2712f1f31f51a8ba
NPB5,37539c0babe3174023b65104de8772e0
DIRECTV_WVB_23839403906,34a7bd647b34bb6acb17a80bc3ca7cfe
Dutchharbor/2.4g,105baddfda6312de3f2a3fd9c68b5933
xfinitywifi,c6b4a76063d2de499a41a1eae9b0e5c8
NETGEAR96-5G,c092019c110de57dfc61b0c4b1a4f34b
Dutchharbor/5g1,3536d04325a2addae32382c8a1e4a535
NETGEAR55,5fcf3384f6a481c164138b3cd26b132b
BlueHeaven,119cf52e628b0253b4475a22a638cc0c
HOME-08B2,5fbf3cc30cfb2e51d84bf744cf4a9b49
NewThermostat_77FC07,2c6ada37aa0e86ab3ce157ba0cc43b14
NPB2-EXT,bde4f9c04113f0279a359cf9b4a543fe
proy2.4,ff00d2a970ac65f7209d2762867cc98f
The other xfinitywifi MAC number (the log didn't catch it) is 104f73fed566674ac01097222c5f9a013

Don't seem very useful though. Even the MAC's from my two devices don't seem to have any common bytes. There are two "xfinitywifi" nodes that appear and disappear frequently during just a few minutes monitoring (presumably due to weak signals?). But I was mistaken, their numbers do not change. I am pretty certain they aren't from my modem/router though. The signal levels are much lower.
 


Comcast kept sending me mail about how my brand-new modem was too slow. Then they changed their modem page, raising the rated speed of the TM822G, and stopped sending me mail. So far, it has been working fine at 120Mbps down, 11Mbps up.
There could be a legitimate technical reason for this. DOCSIS involves multiple channels of data (similar in concept to Wi-Fi channels). Each one has a particular frequency and bandwidth and encodes data using various kinds of QAM (very similar to mobile phones, actually). A modem typically connects to multiple channels at once ("channel bonding") in order to increase your overall bandwidth.

According to Wikipedia (DOCSIS: Throughput), DOCSIS 3.0 supports up to 42 Mbit/s per downstream channel and up to 30 Mbit/s per upstream channel. These are maxima - Comcast may or may not be serving up those rates.

That having been said, Comcast is supporting 25M per downstream channel, in which case, an 8-channel modem would max out at 200M (but would probably not be recommended for more than 100M, because network congestion might not let you realize the full bandwidth of every channel). A modem with more channels would let you realize more throughput, up to the maximum number of channels Comcast is serving on your segment of the network.

If Comcast later changes their infrastructure (e.g. bumps the per-channel speed from 25M to 40M), then all of a sudden that 8-channel modem has a theoretical maximum of 320M (and should probably work reliably at 150-200M).

Of course, this is all just speculation. My point is that it might not just be marketing when they said your modem was too slow and later said it was OK.
 


Well, for that kind of $, it had better be more than wishful thinking! :-)
I did run some modest tests against a few things, when I first got it (it seemed to work), and the online log says it has blocked several things in the past week. That said, yes, it also requires a BitDefender annual license and software. It's $99 per/year for all the bad guys you can eat.
There are some 60+ items in my house connected to the net (not just computers, but media boxes, amps, light switches, DVD player, Tivos, iPhones, iPads and on and on), so it amortizes well.
If you have suggestions as to how to test the Box per se, I'd be happy to hear them.
Tom's has a review here:
I read this exchange with interest, since I just replaced a Verizon router and an AirPort Extreme behind it with a $200 Synology RT2600ac. Among the “packages” Synology provides (free) is some Threat Prevention software that appears to do just about everything the BitDefender Box2 does. (And according to the log it provides, it’s raining threats in the Boston area! Many of them, a handy mapping feature shows me, apparently originating from nearby Kendall Square.)

The software also provides Parental Control, and the RT2600ac can act as a VPN and a server. No subscription, but Synology seems diligent about sending security advisories (two in the last month) and patches to registered owners.

I have no idea how something like the RT2600ac compares to the stand-alone BitDefender, and I'd be interested in hearing what someone who actually knows what they're talking about (not me) thinks about them.

Oh, and FWIW, I also have an Ooma Telo plugged into the thing - no issues related to latency or anything else as far as I can tell.
 



I read this exchange with interest, since I just replaced a Verizon router and an AirPort Extreme behind it with a $200 Synology RT2600ac. Among the “packages” Synology provides (free) is some Threat Prevention software that appears to do just about everything the BitDefender Box2 does.
That's the same router I have, and I am very happy with it. Glad to hear I'm not the only one.
The software also provides Parental Control,...Synology seems diligent about sending security advisories (two in the last month) and patches to registered owners.
The parental control module (which Synology calls "Safe Access") also seems to incorporate some of its security features, among them Google Safe Browsing, the database for which the router automatically downloads. I enabled it once to see what it did, not using any of the features specifically geared towards parental control but thinking the other security-related features might be handy.

It seems to be overzealous. When I was doing some research on early Macs, I found mac128.com, which just has some how-to articles and related info, as far as I can tell, with the individual entries playfully laid out to resemble the 128K user manual! When I went back there a second time after enabling the feature, it was blocked. The screen did not mention Synology at all, but the color was the same as the router's wonderful GUI. The wording was very vague, yet it would scare a novice:

"This connection is not secure! The website is blocked because it is recognized as dangerous. If you proceed, your computer may be exposed to harmful programs."
There is a button to "Proceed anyway." This blocking would be a useful feature if it explained why a site has been blocked, so that one may know if it is indeed safe to proceed. The only thing I know is that it is not related to Google Safe Browsing, because their lookup site has no problem with that domain. I have no idea where to report a possible false positive. So I'm happy with the router, but not that feature. I would hope the BitDefender Box2 is more informative with regard to why it blocks what it blocks.

I first went to the mac128 site a couple months ago, but I re-enabled the feature today as a test and went back there again today; it was still blocked.
Oh, and FWIW, I also have an Ooma Telo plugged into the thing - no issues related to latency or anything else as far as I can tell.
I am very happy to read that. While I don't mean to veer the thread off-topic, did you have to do any QoS settings adjustments to get good quality, or just plug it in and go?
 


... It seems to be overzealous. When I was doing some research on early Macs, I found mac128.com, which just has some how-to articles and related info, as far as I can tell, with the individual entries playfully laid out to resemble the 128K user manual! When I went back there a second time after enabling the feature, it was blocked. The screen did not mention Synology at all, but the color was the same as the router's wonderful GUI. The wording was very vague, yet it would scare a novice:
"This connection is not secure! The website is blocked because it is recognized as dangerous. If you proceed, your computer may be exposed to harmful programs."There is a button to "Proceed anyway."​
This blocking would be a useful feature if it explained why a site has been blocked, so that one may know if it is indeed safe to proceed.
It looks like it is blocking the site due to certificate issues. Try turning off the safe blocking and use the https:// prefix when trying to access the mac128.com. You will get a "This site is not private" error in Safari, as well. When I examine the certificate, it looks like certificate is not properly issued for the website.

Considering the site apparently has not been updated in over 10 years, it sounds like it is pretty much abandoned.
 


... I am very happy to read that. While I don't mean to veer the thread off-topic, did you have to do any QoS settings adjustments to get good quality, or just plug it in and go?
Plug and go, and I remember saying to myself, "What's he's talking about?", when I read your question. I've never had any QoS problems with my Telo, and wasn't aware there were any - maybe because I'm on FiOs in the Boston area?

I did notice that, when I plugged it in, it (and my wired printer) downgraded the RT2600ac's ports to Fast Ethenet (orange LED). Not unexpected, but being mildly paranoid about the speed of my LAN, I put them both behind an old gigabit switch I had lying around and, voila, all (including the switch) went green for gigabit. Go figure, and probably unnecessary but...

Returning to topic, I should add that in my small one-story condo with plaster walls laid out in a way that puts the router at one end, not ideal, the RT2600ac's wireless coverage is much better than the AirPort Extreme's (802.11n) was - band-steering and beam-forming all being new to me and all performing as advertised - and the set-up is easy unless you want to delve into the settings and features. Upgradeable to mesh, iPhone app, etc. - see Wirecutter. I'd recommend one to anyone as a replacement for AirPort, especially if you want a BitBox for free.
 


FYI - I can see 3-4 Xfinity boxes. Here is the BSSIDs of just one of them. I thought it was interesting how many BSSID were available for one box.
Thanks. The ones starting with 5C (01011100) are globally-assigned addresses. 5C:B0:66 is assigned to Arris, which makes sense, since the SSID ("Internet1") sounds like a customer's LAN.

They others begin with 6E (01101110), 7E (01111110), 8E (10001110) and 9E (10011110). So we now know that Comcast is generating unique self-assigned MAC addresses for the networks they create.

It also looks like Comcast's algorithm is to replace the first byte and leave the rest unchanged. All of them (except for "XFINITY") seem to come in pairs (ending in "3F" and "40") here, which probably means the router has two radio interfaces (2.4GHz and 5GHz, I would assume).

If this holds true for others, then you can probably identify whose router each "xfinitywifi" network corresponds to by comparing the last 5 bytes of its MAC address with some other network's MAC address.
 


It looks like it is blocking the site due to certificate issues.
Interesting! This possibility never crossed my mind because none of my browsers report that the site even has a certificate, expired or otherwise, let alone attempt to use it. They will happily navigate to it as long as Safe Access is off, never attempting to establish any secure connection.

To my knowledge, trying to force secure connections isn't among the Safe Access feature set. Even with Safe Access on, https never even enters the picture from a user perspective. While your reasoning is likely spot-on, Synology's methodology and presentation in this area leave much to be desired.

As old as the site is, I never tried manually navigating to a secure version of it.
 


Plug and go, and I remember saying to myself, "What's he's talking about?", when I read your question.
Briefly, so as not to go off-topic... At some point in the past, Ooma used to recommend making QoS adjustments in your router to give the Telo priority, if the Telo was placed behind it; maybe that has changed. In any event, I am glad it's working well for you.
I did notice that, when I plugged it in, it (and my wired printer) downgraded the RT2600ac's ports to Fast Ethenet (orange LED).
It downgraded all the ports? I have a TiVo Premiere that did that because that's all it supports, but only that one LED is orange. Everything else is happily green. Should I invest in a switch just in case? (And if so, does anyone have any recommendations?)
the RT2600ac's ... upgradeable to mesh
Wow... I didn't realize that. Thanks! I thought I'd have to replace my RT2600ac with the MR2200ac, but after going to their site, I see that they can indeed work together. Amazing!
 


At some point in the past, Ooma used to recommend making QoS adjustments in your router to give the Telo priority, if the Telo was placed behind it; maybe that has changed. In any event, I am glad it's working well for you.
It downgraded all the ports? I have a TiVo Premiere that did that because that's all it supports, but only that one LED is orange. Everything else is happily green. Should I invest in a switch just in case? (And if so, does anyone have any recommendations?)
No, only the ports they plugged into and, as I said, the switch was (in my very limited but evolving understanding of networking hardware) probably unnecessary. Why all its LEDs are green mystifies me though. It's a D-Link DGS2205 that in the past has always shown any fast ethernet connections as orange.

I think I do now remember the Ooma caution about priority and would have probably acted on it, if I'd had QoS problems. Good to be reminded if I ever do, thanks!
 


To my knowledge, trying to force secure connections isn't among the Safe Access feature set. Even with Safe Access on, https never even enters the picture from a user perspective. While your reasoning is likely spot-on, Synology's methodology and presentation in this area leave much to be desired.
I opened a ticket with Synology, hoping to gain some insight as to why Safe Access would block access to the mac128 site, reporting it as a potential false positive. The reply stated the painfully obvious, that Safe Access blocks traffic when the mechanisms it uses detect what it thinks is malicious traffic. They then suggested it could be due to third parties spoofing IPs... and, of course, included a link on how to add an exception.

I pointed out that the complete lack of information as to why something is blocked makes it much more difficult to determine whether or not it is truly safe to add any given exception. They replied they would submit a request to provide more detailed information when something is blocked. I won't be using Safe Access unless and until that happens. While I still love and recommend the product, I'm not holding my breath for the Safe Access feature to improve.
 


I have a 3rd-generation Time Capsule, and for many months now it has been dying. The symptom is that it is unresponsive, with the status light out. Unplugging it and plugging it back in fixes it for a day or two, and then it dies again.

I figured this was due to the known problem with the capacitors in the older Time Capsule's power supply, and it would need to be replaced. Note that the recent firmware upgrade did not help.

Apparently not! On July 1st Apple turned off the Back to My Mac service, so I removed the BtMM sign-in in the Time Capsule settings. The Time Capsule has been up ever since!
 


... On July 1st Apple turned off the Back to My Mac service, so I removed the BtMM sign-in in the Time Capsule settings. The Time Capsule has been up ever since!
Arrgh, I posted too soon. The Time Capsule has crashed again. I swear, though, that it stayed up longer since I turned off Back to My Mac.

Since the Time Capsule log isn't persistent across boots, there's no knowing what's actually going wrong, unless I can figure out how to get the remote syslogging to work. In AirPort Utility 5.6, it is simple: just enter the Syslog Destination Address. But how do you configure a High Sierra Mac to be a syslog server? Is this the correct procedure?
Brett Hallen said:
Or is there a way to do it without bypassing SIP?
 


About 15 years ago, I set up a wireless network in our home. This was necessary because our house was built in 1925 with lathe and plaster walls. The network consists of an Apple AirPort Extreme base station (6th Gen with Time Capsule) and three Airport Express routers — one rectangular (A1084) and two square (A1264).

Using the AirPort Extreme to distribute WiFi with Bridge Mode off, the Expresses are on a LAN with Ethernet links. Our WiFi speed for our two Macs (iMac and Mac Mini) wired directly to them was about 125 Mbps. All portable devices also registered similar speeds when measured next to the Extreme router.

Now, away from the main router, it seems to take longer to download material from the Web to my MacBook Pro and our two iPhones, and three iPads. Away from the AirPort Extreme and in the same room with one of the Expresses, the download speed is about 6 Mbps down and 8 Mbps up. If you unhook the Ethernet feed from the Expresses, the green light turns yellow, and there is no signal to be had, so the 6Mbps signal was not being picked up directly from the Extreme, it is being delivered by the Express units.

There is the slim possibility that all three Expresses had never broadcast more than 6 Mbps, but I doubt it. Does anyone have any idea what could be wrong with this LAN? I’d appreciate any help or any suggested lines of investigation that might improve our WiFi signal around this old house.
 


I’d appreciate any help or any suggested lines of investigation that might improve our WiFi signal around this old house.
Apple's support page on extending AirPort networks notes that
Adding Wi-Fi base stations when it is unnecessary can reduce Wi-Fi throughput because the Wi-Fi network will require more data management overhead. The network configuration also becomes more complex. In the case of a wirelessly extended network, throughput may be reduced to less than 60 percent of that of a single device.
But that shouldn't apply to your (Ethernet-connected) Expresses.

Your "rectangular" AirPort Express (model A1084) offers 802.11b/g. With g, that should give you up to 54 Mbps, though C|Net's 2004 review showed it only delivers a maximum of 16 Mbps with mixed b and g clients.

If, as appears likely from your description, you have no 802.11b-only clients (seems unlikely unless you have an older device on your network that you didn't mention), I wonder whether the old Express is operating in b mode only. Seems as though you could test whether it's the bottleneck by disconnecting it and seeing if your throughput improves.

Another possibility is that the switch or hub or router that provides the RJ-45 port to which your Expresses are connected is for some reason delivering only 10Mbps Ethernet to those ports. Turning it off and on again is probably the the best way to test that, though it's the sort of thing that should nominally only happen on a per-port basis if the ports are auto-sensing. Had any electrical storms lately?
 


three Airport Express routers — one rectangular (A1084) and two square (A1264) ... Does anyone have any idea what could be wrong with this LAN?
... I still have my Expresses. They're pretty good paperweights for when the fan's aimed at the desk. But abandoned as they are by Apple, and not receiving security updates, they probably should be by you, too.

[To rule out potential encryption overhead], if you can access settings for your Expresses, you could test their highest potential by making them fully open instead of requiring a password. Try that, one at a time.

Again, if you can access settings, you could try defining each Express as its own access point with unique SSID. If they're sharing one SSID now, so you can wander around the house on one SSID, their signals could potentially be colliding. My Airport Extreme WiFi started having issues. It was on the North wall of my house. New neighbors had just installed their own WiFi router on the South wall of theirs, within 15' of my AirPot Extreme. Both routers were on the same WiFi channel, and theirs seemed more powerful. Changing the channel of mine helped.

It's helpful to have a WiFi diagnostic tool that reports on what networks are in range, their channels, and signal shape.
 


I rebooted each of the AirPort Expresses to no avail. The only dramatic result was when I turned off the rectangular Express, the signal in the room increased by a factor of 4. I think that the my iPhone responded to the station in the room, and when it was turned off, it picked up the AirPort Extreme on the floor below.

I tried just unplugging and replugging the hub. Nada. After many trips across the house, the only thing that seems to make sense is a bum internet cable to the hub. There are some things I could try, but the Ethernet lines were put in 15 years ago. Swapping lines, some snaked behind lathe and plaster walls, present a mountain I'm not ready to climb.

So, I'm looking at an Eero mesh net. Considering that I've got Ethernet lines to all the strategic areas and those walls, I'm inclined to go with 3 of the Eero Pros instead of the set of a Pro and 2 Beacons.

Thank you, Joe.
 


Ric Ford

MacInTouch
Another possibility is that the switch or hub or router that provides the RJ-45 port to which your Expresses are connected is for some reason delivering only 10Mbps Ethernet to those ports.
I tried just unplugging and replugging the hub. Nada. After many trips across the house, the only thing that seems to make sense is a bum internet cable to the hub. There are some things I could try, but the Ethernet lines were put in 15 years ago.
Joe's comment made me wonder if you might have a very old Ethernet switch/hub. If so, it might be subtly failing (I've seen that happen — very frustrating) or even be so old it doesn't handle 100+ Mbps. In either case, it might be worth just buying a new Ethernet switch, considering how cheap they are now.
 


... bum internet cable
Simple test: plug each cable separately into a computer with an Ethernet port.

This network cable tester is $11.79 on Amazon. Not endorsing this particular product, just suggesting the product type:
It'd be a shame to abandon working cables if they're not the problem.

Wirecutter prefers the Netgear Orbi to the Eero
Wirecutter said:
The Best Wi-Fi Mesh-Networking Kits
We gave Orbi the nod for its slightly easier setup and placement and lack of dependence on the cloud ...
 



My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem?

My coax cable is double-shielded (copper braid plus aluminum foil), and it's my belief that the interference reaches my antenna about 100 feet from the Time Capsule. While I might be able to place the router elsewhere, it is close to where our Internet connection enters my house.
 


My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem? ...
I ran into 2m interference with an older Airport Extreme (one of the 'short' ones - 5th gen?), which I deduced was due to the power supply.

Happily, simply dorking around with the orientation of the Airport Extreme removed the interference. The best was standing the Airport Extreme on edge, at about a 45° angle from the LMR-400 run it was near.

I tested a recent Nighthawk, and while it was better for WiFi, it still produced interference. Again, changing positions helped. The interference is a raised noise floor, quite high.
 


My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem?
Who knows if it will help, but you might try putting appropriate ferrite beads on the power supply and ethernet cables, as close as possible to the Time Capsule...
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts